Forcibly changed servers; data loss!

December 2, 2011 / gbl08ma / 3 Comments

Let’s keep things short as I have lots of things to do. On 30th November, this website was working functional as it had always been since April 2011. Then suddenly, in the morning of 1st December, the server had been reloaded.

At first I thought it was because someone with admin powers at cheapvps.co.uk, the provider of my previous server that hosted this website, reloaded the VPS. But after some searches, I ended concluding the VPS, which luis123456 had given to me in April 2011, was still owned by someone else – and that someone was trying to make use of the VPS.

I found the email of the real VPS owner (in fact, I used it for logging in to the VPS control panel, but I always had thought it was just some random address, because it only had two letters and five numbers!). I sent an email to that address, and some hours ago, I got a reply from David W. – the real owner of my previous gbl08ma.com server, to which I called “hydrogen”. So what happened in fact? According to David, he told luis123456 to “maintain” (and no more than that) the VPS. luis123456, whose real name is Luis A. (so we talk about real names here) was not authorized, to use the VPS. Still, (and I repeat, this is the saying of David), Luis gave me the VPS. Luis never said anything about this: I thought the VPS was some kind of sponsored VPS which the sponsor forgot about.

So, the old server was reloaded. But things were worse for my side: I was supposed to have an automated backup system, but it was broken and I had no time to fix it. Shortening: I have no backups of the old server, except Google cache, which didn’t cache one or two blog posts. Apart from the text of the posts, cached by Google, I lost everything on the server, that is, all files, images, configuration files, scripts, WordPress plugins, themes… hosted within the server. This also includes the few Anti-Aliased fonts for Rockbox, which I’ll have to upload again some day.

I just finished restoring all the blog posts I could. I’m still wondering how to restore comments done by other users on the various posts. But wait, I missed one part, right? How did I get this new server?

Indeed, this is a new server. I say the website keeps being the same only because the matter and intention of it keeps being the same, but in technical terms, this is a whole new WordPress install, on a whole new server. While this has some advantages, it also has lots of disadvantages – you can compare this to formatting a dog slow Windows computer, without making backups first: after re-installing the operating system, you get a clean system but most of your data, configuration and software is lost.

This new server was given by Humza Bobat, Infinity at freevps.us. So yes, now I have two server provided by freeVPS.us; since I know other users will get angry with me by having the admins of freeVPS opening an exception of the one-vps-per-user rule, I must provide some good argument to it.

In fact, I need two server for various reasons. One of the reasons, is that since the virtual servers I own are not very powerful (they are low-end boxes), they can barely handle two websites on the same server – note that we are talking about WordPress on this website, and while WordPress can run on fairly modest setups, I want some speed both for me and for the sometimes 10 concurrent users of the websites (it happens, for example when my stories get featured on Slashdot).

The multiple virtual host configurations, while they work well if you never touch the configuration files, are harder to maintain, in my opinion. But the main reason why having multiple servers is necessary is the following: being servers provided for free, you never know when one goes offline or you loose it forever (OMG! It just happened!). If one goes offline, you can still use the other for temporarily hosting an additional website or at least some informational page. Plus, you should never put all your eggs in one basket: the server that served gbl08ma.com went away with its data, but the situation could be worse if all the things were on it. If I had what I have on my “helium” server, the one that serves 4.l.to, on the server I lost, then I would have lost some hundreds of MB of information that is important (some of it even a bit confidential).

A interesting thing is, I have automated backups of the helium server working, although it gets much less visitors (not including short url clicks) than gbl08ma.com gets. The Murphy’s law regarding backups applies: even if you have backups of your things, they will never include what you just lost.

What about naming conventions? The “hydrogen” name now refers to this new server, while I’ll call the old one from on now “deuterium” 🙂 . The 4.l.to server keeps being called “helium”, as ever. I also have one testing server called “lithium”, but it isn’t used for anything permanent – as I said, it’s a test server.

If you have any questions regarding the data loss on this blog, please post on the comments. I’ll be busy for the next days/weeks/months trying to restore more of what was lost.

Comments

David W sent me nothing about that, infact it was until yesterday that I knew of what happened. It ultimately was an error on his part. Since I thought the VPS was mine, I gave it to you. Both things were in good faith. Infact, I forgot about it and deleted all data off my control panels. Idc what goes next, but I just post this so that you hear my side of the story. David’s making things worse by inventing I “hacked” the server. I didn’t do that, I just gave you the control to it! He also said he changed passwords, he never did!

As I say, it was not my fault, infact he waited 8 full months. Infact he did had another provider so I forgot about it. Guess it has come back to bite me. Just don’t make it any more worse.

Thanks for letting us know your side of the story, Luis. David W. said he told you to maintain the VPS and that you were not authorized to use it. He never talked about you hacking the server, nor did I (despite the title on the temporary page at gbl08ma.com saying “Hacked”, that was not to intend you were the hacker).

As for changing passwords: of course the password was changed. I changed the password, since I thought the VPS was mine and nobody else cared about it. I’ve done that eight months ago and the password has been different than that David W. set, since then. In more recent news, I got a lot of password reset requests on my email about a week ago, none of which were requested by me; plus, the server had been shut down. After that episode of password reset request, I changed both the control panel password and the root password – I thought these events were the effect of some hacking attempt at cheapvps.co.uk. After booting the server, it kept working until the night from 30th November to 1st December 2011, when David W. reinstalled (or told the guys at cheapvps.co.uk to reinstall) the server. Since I had no backups, all the data stored in it was lost. At first I thought the server had been hacked, or the guys at cheapvps gave it to someone else (thus making the VPS have multiple owners). But after contacting David W. through the email address I used to login to the VPS CP (when I figured out, with a Google search, that the email wasn’t random and it was the personal inbox of a real person, David W.), I got to the conclusion the VPS wasn’t mine anymore.

David’s excuse for having ignored the server usage for eight months, was that he forgot that he had that VPS. When I questioned him about how many VPSes and hosting accounts he had, he said he had 1 VPS (the one I was using) and two reseller accounts on a shared hosting. If this is true or not, I don’t know and I don’t want to know – I want to avoid making it more worse. But you’ll find what he said about how many hosts he had doesn’t make, in my honest opinion, much sense when compared with what you find by searching his email on Google. From a twitter account, @Zimba_host, where one of the tweets includes his email, to this comment on the freenode staff blog. There’s also this post on a free web hosting provider forum, and it seems to make proof that David W. has, or had at some point in his life, a reseller account with that hosting provider.

We also know David W., under the name of “satnav”, joined a IRC channel named #sumomtg, thanks to this pastebin post, the luck of having someone post a log of that channel to pastebin in the right time, and the power of Google.

To David W.: you can argue I am invading your privacy by posting pages with content by you, and containing your email address. But in fact, all these pages are open to anyone with an internet connection. If someone finds your email on a random web page, he or she only needs a Google search to get to know a lot about you. So, your Gmail email address is not private anymore, specially since you published it publicly on your MySpace profile, along with an Hotmail email address. By the way, David W. (he told me to abbreviate his last name, but anyone who’s willing to know it will find it pretty easily) told me on Gtalk he was going to delete that MySpace.

The same way I exposed here a lot of information about David, I could do the same for Luis, and perhaps I would find even more content. I won’t do it, but leave something similar as an exercise the attentive and interested reader can do: search the web for “luis123456”, find one of his emails, search for that email on the web, find perhaps some more emails, and search for each of them. You’ll discover lots of things I’m sure.
The fact that people can find a lot of information about you is not unique to Luis or David. It’s common to everyone who happens to use the same username all over the web, like I do. If you read the first post of this blog (it’s been recovered), I say that having an unique online identity is not good for privacy and can be dangerous. You must be responsible for what you do on the web under that username – this also makes me believe that if everyone had a single identity on the web, it would be a safer place, at the same time, we can say the purpose of the web is not to duplicate our world. I’m not going into that discussion in this comment, that is now longer than many blog posts.

Conclusion: I don’t want to get angry with any of you, Luis A. or David W.. What’s happened has happened and there’s no way to go back and undo. Better stand up and walk forward than stay crying for the loss and do nothing other than flamebaiting each other of us three. If you look carefully, the major lost, problems and work derived from that problems, came down on me: I lost the data of the old server, I had to find a new server, I had to configure that new server and install everything needed for WordPress in it, and thanks to my lack of care about having backups, I also had to restore everything I could from Google’s cache, then adding each blog post, tag and category by hand. And if you remember of the old website, this one still lacks about 50% of the content. But I don’t complain much. You see, this was one of the fastest website recuperation I have seen, when there are no backups at all.

I’m now on a new server that isn’t provided by any of your two, Luis A. or David W., and, if I want, I can forget about you and go on with my online life, like many others would have done already. I won’t do it, because I think that would be a little lack of respect for you. As I told David W., I’m not in the (free) hosting business anymore (like I was, a bit into it, some months or almost an year ago). All I want to have are some servers, where I can host my websites, my scripts and my online home, this personal blog. It would be such a shame to let this blog go down, now that I have a .com domain for it.